[LINK] HTML email "bug", of sorts (fwd)

Irene Graham rene@libertus.net
Mon, 20 Aug 2001 19:20:57 +1000 

On Mon, 20 Aug 2001 16:55:25 +1000 Craig Sanders <cas@taz.net.au> wrote:
[...]
>http://email.ni.com.au/Click?q=3d-oilNIbztiT6M4knAwrOnZUPR
[...]
>my guess is that my userid at australianit.com.au is somehow encoded
>into that first URL. so whenever i visit any of those URLs, the date and
>time and the fact of my "interest" is recorded.
[...]
>now maybe i'm wrong and the redirect is not a spying device. that leaves
>the question 'what is it for, then?'.
>
>anyone know the real story behind these email.ni.com.au URLs?

I don't know the actual story, but my fairly-well-educated-guess is there's
only about an on 0.1% chance your suspicion is wrong.

If there's nothing suspicious, among other things you've mentioned, one
would expect that the site:
http://email.ni.com.au/
would say something more than "Thank your for your interest in this site"

So, one can try:
http://email.ni.com.au/Click
this results in:
http://203.55.155.26/ct-unavail.html
which says among other things:
"Copyright 1999, 2000 - eMailHouse by Marketing eServices. All rights
reserved."

and 'Marketing eServices' links to:
http://www.eservices.com.au/

There one finds, unsurprisingly, a direct mailing organisation that "builds
platforms that manage email campaigns and viral campaigns" etc for
organisations without the resources to do so themselves, like News
Interactive, I presume. This organisation claims to be "ADMA Direct
Marketing Code Compliant" and, appears to be a member of ADMA:
http://www.adma.com.au/whosWho/whosWhoOnline.asp?ClientCounter=36992315120007#ClientInfo

I am not suggesting that the ADMA Code is worth much - I have a complaint
under investigation by ADMA, lodged some 3-4 months ago that has *still*
not been considered by their Code Compliance Authority.

Nevertheless, mis-use of personal information, spying etc, is going to
continue even by organisations who claim to respect privacy preferences, at
the very least until many more people start making a louder noise. 

I'd recommend you do the following:
- unsubscribe from the news service
- get yourself another email address, free or whatever, and resubscribe
using that address (give them a pseudonym if they want more than an email
address, so they can't profile *you*). Don't use that address for anything
else.
- Await spam on that address.
- If you get any, you'd very likely have grounds to lodge a complaint with
ADMA, and I'd be *very* interested to know what they do/say given they
claim their current Code is compliant with laws that come into effect
21/12/2001. Whether these laws are much use is another issue, but finding
out how ADMA interprets them is interesting in terms of whether Net users
ought to feel any safety/privacy protection at all in disclosing their
personal info to "ADMA Code Compliant" organisations.

Irene